HandBrake-1[.]8[.]0-x86_64-Win_GUI[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HandBrake-1.8.0-x86_64-Win_GUI.exe
Size

22.7MB
MD5

420ad6cf4d29194fc9289f6eae295fe6
SHA1

810eae7d7d6f8e4cc25b012a183523fe651aa898
SHA256

a75c643d7260bd49401c1d45e0a326cc3bfab3a03467d210169f086ebaad1c18
SHA512

a2e151de9ddb0fb7ec4253152a2f7edf059a4e19418231f87f4c4e38ecb26c61947583da3b4e9e72434b8301a2624e32a46c70a988e9d8b1a36e1f14206f537d
SSDEEP

393216:HxaFJfOosjnNB4iod9ptuAL0FXk6WWAHlbRrtDCjIJ6GZXsQW5Ek6igaxrHMJMp:HkFJfOXPpUHuAkXRWWibRpDhBXf3igMt

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/HandBrake.Worker.exe
unpack001/HandBrake.exe
unpack001/hb.dll

Files

HandBrake-1.8.0-x86_64-Win_GUI.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:44:47:d6:5e:d2:9f:3e:21:27:0c:69:3f:ef:58:75
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

01/09/2023, 08:57

Not After

31/08/2024, 08:57

Subject

CN=Open Source Developer\, Scott Rae,O=Open Source Developer,L=Livingston,C=GB,1.2.840.113549.1.9.1=#0c13737235352e6862406f75746c6f6f6b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:e8:f9:bd:2b:a1:e1:a1:ae:1e:2d:95:23:69:48:dd:fb:27:c6:51:00:00:dd:21:48:99:03:0c:12:da:42:ca
Signer

Actual PE Digest

b6:e8:f9:bd:2b:a1:e1:a1:ae:1e:2d:95:23:69:48:dd:fb:27:c6:51:00:00:dd:21:48:99:03:0c:12:da:42:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
HandBrake.Worker.exe
.exe windows:6 windows x64 arch:x64

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
wcsftime

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HandBrake.exe
.exe windows:6 windows x64 arch:x64

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
wcsftime

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
doc/COPYING
hb.dll
.dll windows:4 windows x64 arch:x64

92f12213e9201ccfa9a77ebcc2f7dc8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
EnumFontFamiliesW
GetTextFaceW
SelectObject

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AreFileApisANSI
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessTimes
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTimeZoneInformation
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenFileMappingA
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadErrorMode
SetThreadGroupAffinity
SetThreadPriority
SetThreadStackGuarantee
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__setusermatherr
_access
_aligned_free
_aligned_malloc
_aligned_realloc
_amsg_exit
_assert
_beginthreadex
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_findnext64
_fstat64
_ftime64
_fullpath
_get_osfhandle
_gmtime64
_hypot
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_mktime64
_open
_pipe
_putenv_s
_read
_rmdir
_setjmp
_snprintf
_sopen
_stat64
_stricmp
_strnicmp
_time64
_ultoa
_unlink
_unlock
_vscprintf
_vsnprintf
_waccess
_wcsnicmp
_wfindnext64
_wfopen
_wfopen_s
_wfullpath
_wmkdir
_wopen
_wremove
_wrename
_wrmdir
_wsopen
_wstat64
_wunlink
abort
acos
asctime
asin
atan
atof
atoi
bsearch
calloc
clock
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fopen_s
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
tanh
iswctype
isxdigit
localeconv
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
qsort
rand
realloc
rewind
setlocale
setvbuf
signal
sinh
srand
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strncpy_s
strpbrk
strrchr
strspn
strstr
strtok
strtok_s
strtol
strtoul
strxfrm
tan
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscat_s
wcscoll
wcscpy
wcscpy_s
wcsftime
wcslen
wcsncpy
wcsrchr
wcsstr
wcstombs_s
wcstoul
wcsxfrm
_wfindfirst64
_strtoui64
_strtoi64
_ftime64_s
_nextafter
_write
_unlink
_stricmp
_strdup
_setmode
_rmdir
_read
_open
_isatty
_getpid
_getcwd
_fileno
_fdopen
_dup
_close

ntdll

NtCreateFile
NtReadFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError

ole32

CoTaskMemFree
StringFromGUID2

shell32

SHGetFolderPathW
SHGetKnownFolderPath

user32

GetDC
GetDesktopWindow
ReleaseDC

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

ABR_iteration_loop
ALL_POWERSCHEMES_GUID
AMFFormatGUID
AMFStructuredBufferFormatGUID
APIFunc
APIVideoFunc2
ARRAYID_PathProperties
ATHformula
AcceleratorKey_Property_GUID
AccessKey_Property_GUID
AddMD5
AddVbrFrame
AnalyzeSamples
AnnotationObjects_Property_GUID
AnnotationTypes_Property_GUID
Annotation_AnnotationTypeId_Property_GUID
Annotation_AnnotationTypeName_Property_GUID
Annotation_Author_Property_GUID
Annotation_DateTime_Property_GUID
Annotation_Pattern_GUID
Annotation_Target_Property_GUID
AppBar_Control_GUID
AriaProperties_Property_GUID
AriaRole_Property_GUID
AsyncContentLoaded_Event_GUID
AutomationFocusChanged_Event_GUID
AutomationId_Property_GUID
AutomationPropertyChanged_Event_GUID
BHID_AssociationArray
BHID_DataObject
BHID_EnumAssocHandlers
BHID_EnumItems
BHID_Filter
BHID_LinkTargetItem
BHID_PropertyStore
BHID_RandomAccessStream
BHID_SFObject
BHID_SFUIObject
BHID_SFViewObject
BHID_Storage
BHID_StorageEnum
BHID_Stream
BHID_ThumbnailHandler
BHID_Transfer
BZ2_blockSort
BZ2_bsInitWrite
BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bz__AssertH__fail
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite
BZ2_compressBlock
BZ2_crc32Table
BZ2_decompress
BZ2_hbAssignCodes
BZ2_hbCreateDecodeTables
BZ2_hbMakeCodeLengths
BZ2_indexIntoF
BZ2_rNums
BitrateIndex
BoundingRectangle_Property_GUID
Button_Control_GUID
CATID_BrowsableShellExt
CATID_BrowseInPlace
CATID_CommBand
CATID_DeskBand
CATID_InfoBand
CATID_InternetAware
CATID_IsShortcut
CATID_LocationFactory
CATID_LocationProvider
CATID_NeverShowExt
CATID_PersistsToFile
CATID_PersistsToMemory
CATID_PersistsToMoniker
CATID_RequiresDataPathHost
CATID_SafeForInitializing
CATID_SafeForScripting
CATID_SearchableApplication
CBR_iteration_loop
CGID_DefView
CGID_Explorer
CGID_ExplorerBarDoc
CGID_MENUDESKBAR
CGID_ShellDocView
CGID_ShellServiceObject
CGID_ShortCut
CLSID_ACLCustomMRU
CLSID_ACLHistory
CLSID_ACLMRU
CLSID_ACLMulti
CLSID_ACListISF
CLSID_AccPropServices
CLSID_AccessibilityDockingService
CLSID_ActiveDesktop
CLSID_AllClasses
CLSID_AlphabeticalCategorizer
CLSID_AppShellVerbHandler
CLSID_AppStartupLink
CLSID_AppVisibility
CLSID_ApplicationActivationManager
CLSID_ApplicationAssociationRegistration
CLSID_ApplicationAssociationRegistrationUI
CLSID_ApplicationDesignModeSettings
CLSID_ApplicationDestinations
CLSID_ApplicationDocumentLists
CLSID_AttachmentServices
CLSID_AutoComplete
CLSID_CAnchorBrowsePropertyPage
CLSID_CColorPropPage
CLSID_CDBurn
CLSID_CDocBrowsePropertyPage
CLSID_CFSIconOverlayManager
CLSID_CFontPropPage
CLSID_CImageBrowsePropertyPage
CLSID_CPicturePropPage
CLSID_CScriptErrorList
CLSID_CTask
CLSID_CTaskScheduler
CLSID_CUIAutomation
CLSID_CUIAutomation8
CLSID_CUIAutomationRegistrar
CLSID_CURLSearchHook
CLSID_CUrlHistory
CLSID_ControlPanel
CLSID_ConvertVBX
CLSID_CurrentUserClasses
CLSID_D2D12DAffineTransform
CLSID_D2D13DPerspectiveTransform
CLSID_D2D13DTransform
CLSID_D2D1ArithmeticComposite
CLSID_D2D1Atlas
CLSID_D2D1BitmapSource
CLSID_D2D1Blend
CLSID_D2D1Border
CLSID_D2D1Brightness
CLSID_D2D1ColorManagement
CLSID_D2D1ColorMatrix
CLSID_D2D1Composite
CLSID_D2D1ConvolveMatrix
CLSID_D2D1Crop
CLSID_D2D1DirectionalBlur
CLSID_D2D1DiscreteTransfer
CLSID_D2D1DisplacementMap
CLSID_D2D1DistantDiffuse
CLSID_D2D1DistantSpecular
CLSID_D2D1DpiCompensation
CLSID_D2D1Flood
CLSID_D2D1GammaTransfer
CLSID_D2D1GaussianBlur
CLSID_D2D1Histogram
CLSID_D2D1HueRotation
CLSID_D2D1LinearTransfer
CLSID_D2D1LuminanceToAlpha
CLSID_D2D1Morphology
CLSID_D2D1OpacityMetadata
CLSID_D2D1PointDiffuse
CLSID_D2D1PointSpecular
CLSID_D2D1Premultiply
CLSID_D2D1Saturation
CLSID_D2D1Scale
CLSID_D2D1Shadow
CLSID_D2D1SpotDiffuse
CLSID_D2D1SpotSpecular
CLSID_D2D1TableTransfer
CLSID_D2D1Tile
CLSID_D2D1Turbulence
CLSID_D2D1UnPremultiply
CLSID_DCOMAccessControl
CLSID_DCompManipulationCompositor
CLSID_DOMDocument
CLSID_DOMFreeThreadedDocument
CLSID_DarwinAppPublisher
CLSID_DataLinks
CLSID_DefFolderMenu
CLSID_DesktopGadget
CLSID_DesktopWallpaper
CLSID_DestinationList
CLSID_DirectManipulationManager
CLSID_DirectManipulationSharedManager
CLSID_DirectManipulationViewport
CLSID_DocHostUIHandler
CLSID_DocPropShellExtension
CLSID_DragDropHelper
CLSID_DriveSizeCategorizer
CLSID_DriveTypeCategorizer
CLSID_EnumerableObjectCollection
CLSID_ExecuteFolder
CLSID_ExecuteUnknown
CLSID_ExplorerBrowser
CLSID_FSCopyHandler
CLSID_FileOpenDialog
CLSID_FileOperation
CLSID_FileSaveDialog
CLSID_FileSearchBand
CLSID_FileTypes
CLSID_FolderItem
CLSID_FolderItemsMultiLevel
CLSID_FolderShortcut
CLSID_FolderViewHost
CLSID_FrameworkInputPane
CLSID_FreeSpaceCategorizer
CLSID_GenericCredentialProvider
CLSID_GlobalOptions
CLSID_HWShellExecute
CLSID_HomeGroup
CLSID_IENamespaceTreeControl
CLSID_ISFBand
CLSID_IdentityUnmarshal
CLSID_ImageProperties
CLSID_ImageRecompress
CLSID_InMemoryPropertyStore
CLSID_InProcFreeMarshaler
CLSID_Internet
CLSID_InternetButtons
CLSID_InternetExplorer
CLSID_InternetPrintOrdering
CLSID_InternetSecurityManager
CLSID_InternetShortcut
CLSID_InternetZoneManager
CLSID_KnownFolderManager
CLSID_LinkColumnProvider
CLSID_LocalMachineClasses
CLSID_MSDAINITIALIZE
CLSID_MSOButtons
CLSID_MailRecipient
CLSID_MenuBand
CLSID_MenuBandSite
CLSID_MenuToolbarBase
CLSID_MergedCategorizer
CLSID_MyComputer
CLSID_MyDocuments
CLSID_NPCredentialProvider
CLSID_NamespaceTreeControl
CLSID_NamespaceWalker
CLSID_NetworkConnections
CLSID_NetworkDomain
CLSID_NetworkExplorerFolder
CLSID_NetworkListManager
CLSID_NetworkPlaces
CLSID_NetworkServer
CLSID_NetworkShare
CLSID_NewMenu
CLSID_OnexCredentialProvider
CLSID_OnexPlapSmartcardCredentialProvider
CLSID_OpenControlPanel
CLSID_PINLogonCredentialProvider
CLSID_PSBindCtx
CLSID_PSClassObject
CLSID_PSClientSite
CLSID_PSDragDrop
CLSID_PSEnumerators
CLSID_PSGenObject
CLSID_PSInPlaceActive
CLSID_PSInPlaceFrame
CLSID_PackageDebugSettings
CLSID_PasswordCredentialProvider
CLSID_PersistPropset
CLSID_Picture_Dib
CLSID_Picture_EnhMetafile
CLSID_Picture_Metafile
CLSID_PlaybackManager
CLSID_PreviousVersions
CLSID_Printers
CLSID_ProgressDialog
CLSID_PropertiesUI
CLSID_PropertySystem
CLSID_PublishDropTarget
CLSID_PublishingWizard
CLSID_QueryAssociations
CLSID_QueryCancelAutoPlay
CLSID_QuickLinks
CLSID_RASProvider
CLSID_RecycleBin
CLSID_RootBinder
CLSID_ScheduledTasks
CLSID_SearchAssistantOC
CLSID_SearchFolderItemFactory
CLSID_SharingConfigurationManager
CLSID_Shell
CLSID_ShellBrowserWindow
CLSID_ShellDesktop
CLSID_ShellDispatchInproc
CLSID_ShellFSFolder
CLSID_ShellFldSetExt
CLSID_ShellFolderItem
CLSID_ShellFolderView
CLSID_ShellFolderViewOC
CLSID_ShellItem
CLSID_ShellLibrary
CLSID_ShellLink
CLSID_ShellLinkObject
CLSID_ShellNameSpace
CLSID_ShellSearchAssistantOC
CLSID_ShellShellNameSpace
CLSID_ShellUIHelper
CLSID_ShellWindows
CLSID_SizeCategorizer
CLSID_SmartcardCredentialProvider
CLSID_SmartcardPinProvider
CLSID_SmartcardReaderSelectionProvider
CLSID_SmartcardWinRTProvider
CLSID_StartMenuPin
CLSID_StaticDib
CLSID_StaticMetafile
CLSID_StdFont
CLSID_StdGlobalInterfaceTable
CLSID_StdHlink
CLSID_StdHlinkBrowseContext
CLSID_StdMarshal
CLSID_StdPicture
CLSID_StdURLProtocol
CLSID_TaskbarList
CLSID_TimeCategorizer
CLSID_ToolbarExtButtons
CLSID_TrayBandSiteService
CLSID_TrayDeskBand
CLSID_UserNotification
CLSID_V1PasswordCredentialProvider
CLSID_V1SmartcardCredentialProvider
CLSID_V1WinBioCredentialProvider
CLSID_VaultProvider
CLSID_VirtualDesktopManager
CLSID_WebBrowser
CLSID_WebBrowser_V1
CLSID_WebWizardHost
CLSID_WinBioCredentialProvider
CLSID_XMLDSOControl
CLSID_XMLDocument
CLSID_XMLHTTPRequest
CPFG_CREDENTIAL_PROVIDER_LABEL
CPFG_CREDENTIAL_PROVIDER_LOGO
CPFG_LOGON_PASSWORD
CPFG_LOGON_USERNAME
CPFG_SMARTCARD_PIN
CPFG_SMARTCARD_USERNAME
CRC_writeheader
Calendar_Control_GUID
CenterPoint_Property_GUID
Changes_Event_GUID
CheckBox_Control_GUID
ClassName_Property_GUID
ClickablePoint_Property_GUID
ComboBox_Control_GUID
ControlType_Property_GUID
ControllerFor_Property_GUID
Culture_Property_GUID
CustomNavigation_Pattern_GUID
Custom_Control_GUID
D3D11_DECODER_PROFILE_H264_IDCT_FGT
D3D11_DECODER_PROFILE_H264_IDCT_NOFGT
D3D11_DECODER_PROFILE_H264_MOCOMP_FGT
D3D11_DECODER_PROFILE_H264_MOCOMP_NOFGT
D3D11_DECODER_PROFILE_H264_VLD_FGT
D3D11_DECODER_PROFILE_H264_VLD_MULTIVIEW_NOFGT
D3D11_DECODER_PROFILE_H264_VLD_NOFGT
D3D11_DECODER_PROFILE_H264_VLD_STEREO_NOFGT
D3D11_DECODER_PROFILE_H264_VLD_STEREO_PROGRESSIVE_NOFGT
D3D11_DECODER_PROFILE_H264_VLD_WITHFMOASO_NOFGT
D3D11_DECODER_PROFILE_HEVC_VLD_MAIN
D3D11_DECODER_PROFILE_HEVC_VLD_MAIN10
D3D11_DECODER_PROFILE_MPEG1_VLD
D3D11_DECODER_PROFILE_MPEG2_IDCT
D3D11_DECODER_PROFILE_MPEG2_MOCOMP
D3D11_DECODER_PROFILE_MPEG2_VLD
D3D11_DECODER_PROFILE_MPEG2and1_VLD
D3D11_DECODER_PROFILE_MPEG4PT2_VLD_ADVSIMPLE_GMC
D3D11_DECODER_PROFILE_MPEG4PT2_VLD_ADVSIMPLE_NOGMC
D3D11_DECODER_PROFILE_MPEG4PT2_VLD_SIMPLE
D3D11_DECODER_PROFILE_VC1_D2010
D3D11_DECODER_PROFILE_VC1_IDCT
D3D11_DECODER_PROFILE_VC1_MOCOMP
D3D11_DECODER_PROFILE_VC1_POSTPROC
D3D11_DECODER_PROFILE_VC1_VLD
D3D11_DECODER_PROFILE_VP8_VLD
D3D11_DECODER_PROFILE_VP9_VLD_10BIT_PROFILE2
D3D11_DECODER_PROFILE_VP9_VLD_PROFILE0
D3D11_DECODER_PROFILE_WMV8_MOCOMP
D3D11_DECODER_PROFILE_WMV8_POSTPROC
D3D11_DECODER_PROFILE_WMV9_IDCT
D3D11_DECODER_PROFILE_WMV9_MOCOMP
D3D11_DECODER_PROFILE_WMV9_POSTPROC
D3DCRYPTOTYPE_AES128_CTR
D3DCRYPTOTYPE_PROPRIETARY
D3DKEYEXCHANGE_DXVA
D3DKEYEXCHANGE_RSAES_OAEP
DIID_DShellFolderViewEvents
DIID_DShellNameSpaceEvents
DIID_DShellWindowsEvents
DIID_DWebBrowserEvents
DIID_DWebBrowserEvents2
DIID_XMLDOMDocumentEvents
DIID__SearchAssistantEvents
DRM_INTEL_DRIVER_NAME
DVDClose
DVDCloseFile
DVDDiscID
DVDFileSeek
DVDFileSeekForce
DVDFileSize
DVDFileStat
DVDISOVolumeInfo
DVDOpen
DVDOpen2
DVDOpenFile
DVDOpenStream
DVDOpenStream2
DVDReadBlocks
DVDReadBytes
DVDReadLog
DVDUDFCacheLevel
DVDUDFVolumeInfo
DXGI_DEBUG_ALL
DXGI_DEBUG_APP
DXGI_DEBUG_DX
DXGI_DEBUG_DXGI
DXVA2_ModeH264_A
DXVA2_ModeH264_B
DXVA2_ModeH264_C
DXVA2_ModeH264_D
DXVA2_ModeH264_E
DXVA2_ModeH264_F
DXVA2_ModeH264_VLD_Multiview_NoFGT
DXVA2_ModeH264_VLD_Stereo_NoFGT
DXVA2_ModeH264_VLD_Stereo_Progressive_NoFGT
DXVA2_ModeH264_VLD_WithFMOASO_NoFGT
DXVA2_ModeHEVC_VLD_Main
DXVA2_ModeHEVC_VLD_Main10
DXVA2_ModeMPEG1_VLD
DXVA2_ModeMPEG2_IDCT
DXVA2_ModeMPEG2_MoComp
DXVA2_ModeMPEG2_VLD
DXVA2_ModeMPEG2and1_VLD
DXVA2_ModeMPEG4pt2_VLD_AdvSimple_GMC
DXVA2_ModeMPEG4pt2_VLD_AdvSimple_NoGMC
DXVA2_ModeMPEG4pt2_VLD_Simple
DXVA2_ModeVC1_A
DXVA2_ModeVC1_B
DXVA2_ModeVC1_C
DXVA2_ModeVC1_D
DXVA2_ModeVC1_D2010
DXVA2_ModeVP8_VLD
DXVA2_ModeVP9_VLD_10bit_Profile2
DXVA2_ModeVP9_VLD_Profile0
DXVA2_ModeWMV8_A
DXVA2_ModeWMV8_B
DXVA2_ModeWMV9_A
DXVA2_ModeWMV9_B
DXVA2_ModeWMV9_C
DXVA2_NoEncrypt
DXVA2_VideoProcBobDevice
DXVA2_VideoProcProgressiveDevice
DXVA2_VideoProcSoftwareDevice
DXVA_ModeAV1_VLD_12bit_Profile2
DXVA_ModeAV1_VLD_12bit_Profile2_420
DXVA_ModeAV1_VLD_Profile0
DXVA_ModeAV1_VLD_Profile1
DXVA_ModeAV1_VLD_Profile2
DXVA_NoEncrypt
DataGrid_Control_GUID
DataItem_Control_GUID
DescribedBy_Property_GUID
Dock_DockPosition_Property_GUID
Dock_Pattern_GUID
Document_Control_GUID
Drag_DragCancel_Event_GUID
Drag_DragComplete_Event_GUID
Drag_DragStart_Event_GUID
Drag_DropEffect_Property_GUID
Drag_DropEffects_Property_GUID
Drag_GrabbedItems_Property_GUID
Drag_IsGrabbed_Property_GUID
Drag_Pattern_GUID
DropTarget_DragEnter_Event_GUID
DropTarget_DragLeave_Event_GUID
DropTarget_DropTargetEffect_Property_GUID
DropTarget_DropTargetEffects_Property_GUID
DropTarget_Dropped_Event_GUID
DropTarget_Pattern_GUID
EP_AdvQueryPane

Sections

.text
Size: 52.4MB - Virtual size: 52.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 722KB - Virtual size: 722KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
portable.ini.template
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

39:44:47:d6:5e:d2:9f:3e:21:27:0c:69:3f:ef:58:75Certificate

Extended Key Usages

Key Usages

b6:e8:f9:bd:2b:a1:e1:a1:ae:1e:2d:95:23:69:48:dd:fb:27:c6:51:00:00:dd:21:48:99:03:0c:12:da:42:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 120KB - Virtual size: 120KB

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

39:44:47:d6:5e:d2:9f:3e:21:27:0c:69:3f:ef:58:75
Certificate

b6:e8:f9:bd:2b:a1:e1:a1:ae:1e:2d:95:23:69:48:dd:fb:27:c6:51:00:00:dd:21:48:99:03:0c:12:da:42:ca
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 120KB - Virtual size: 120KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 1024B - Virtual size: 792B

.rsrc
Size: 119KB - Virtual size: 118KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 1024B - Virtual size: 792B

.rsrc
Size: 121KB - Virtual size: 120KB

.text
Size: 52.4MB - Virtual size: 52.4MB

.rodata
Size: 3KB - Virtual size: 2KB

.data
Size: 89KB - Virtual size: 89KB

.rdata
Size: 8.4MB - Virtual size: 8.4MB

.pdata
Size: 487KB - Virtual size: 487KB

.xdata
Size: 722KB - Virtual size: 722KB